Apple Disk Image Forensics
Brief Introduction to DMG Files
A DMG file is an acronym for Disk Image and its format includes options such as various volume types (HFS, HFS+, HFSX), compression options, encryption and file spanning. One of the common Apple Disk Image formats supported by the applications for its forensics is its raw format which is created using the command based program “dd” or its variants. The .DMG file extension is recognized by Macintosh OS X disk image with a .dmg file extension. A DMG is like a virtual DVD or hard drive with a compressed DMG format.
The DMG files that have been compressed are not supported by forensic analysis applications, these are generally read-only files. A compressed DMG will not contain unallocated or slack space and it loses its original data when converted to another format. Apple disk image analysis expects the DMG file to be in the uncompressed format.
DMG file is mostly used for installing programs on Mac Computer. But, they can be created for any kind of file that is available on the machine. On a MAC machine, users can easily open a file by double-clicking on the DMG file icon. But things get a little more complicated if the user wants to open the Mac DMG file on windows. At this point, a user needs a third-party tool like DMG Viewer to open MAC OS X DMG files on Windows.
Specification Of The Tool
- Supported OS – Windows 10 and all below versions
- Size of Tool – 1 MB
- Version – 1.0
- License – Freeware
- Processor Required – 1 GHz
- RAM Required – 512 MB
- Free Hard Disk Space Required – 50 MB
- Language Support – English
NOTE: – The trial version of DMG Viewer is for beginners. It has certain limitations such as it only previews EML, EMLX, MBOX, TXT and HTML file format. Also, there is no provision for saving the data in the trial version.
Disk Image Forensics – Analyzing DMG Files
Advanced forensic experts can make use of the licensed version of the software to enjoy complete features without any limitation. The licensed version of the Apple Disk Image Forensics Tool is available under various license models.
1. Firstly, launch the DMG Viewer, after launching the software. A pop-up window will open then click on the Scan option.
2. Now, you can use the Filter option to select all or a particular file type such as EML, MBOX, EMLX.
3. Now click on the Browse button for selecting the location of the DMG file. The software also provides the option to browse a particular file or folder.
4. After browsing the file, click on OK. Now a pop-up window will open with the message “Scanning of selected file(s) done successfully.”
5. The next window shows the hierarchy of the DMG file, i.e. all files included in DMG files of Apple Mac OS X on Windows OS.
6. Now you can open a particular email or all files by simply clicking on the Preview option.
7. The next pop-up window shows the option to preview the email in different views such as Normal Mail, HEX, Properties, Message Header, HTML, RTF, or Attachments.
8. The software also provides a Search option, in which you can filter the emails according to create, modify, last access and date.
9. After the analysis of all the files, you can also save the crucial data for further examination.
There are multiple software applications are available to view DMG files, but DMG Viewer is a freeware utility that helps the user to open, view and read a corrupt, encrypted or password-protected DMG file of Apple Mac OS X on the Window Operating System. The software can also recover and extract the permanently deleted files into multiple file formats such as EML, EMLX, MBOX, HTML, Image, and TXT File.